package cn.java81.jdbc;

import cn.java81.util.DbUtil;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Scanner;

/**
 * @author oldliu
 * @since 1.0
 */
public class UpdateStudent2 {
    public static void main(String[] args) {
        //根据学号修改学生的姓名和手机号
        //sc.nextLine
        Scanner sc=new Scanner(System.in);
        System.out.println("请输入要改的学号：");
        long stuno=sc.nextLong();
        sc.nextLine();//读取 数字后面的回车，丢弃
        System.out.println("输入新名字：");
        String newName=sc.nextLine();
        //占位符的方案：
        String sql="update s_student set sname=?,telephone=? where stuno=?";

        System.out.println("请输入新手机号：");
        String phone=sc.nextLine();
        Connection connection = DbUtil.getConnection();
        PreparedStatement st=null;
        try {
            st=connection.prepareStatement(sql);
            //sql注入漏洞
            System.out.println(sql);
            st.setString(1,newName);
            st.setString(2,phone);
            st.setLong(3,stuno);
            int r=st.executeUpdate();
            System.out.println("修改了"+r+"条");
        } catch (SQLException e) {
            e.printStackTrace();
        }finally {
            DbUtil.close(null,st,connection);
        }

    }
}
